The fact that many is not a new phenomenon. Back in December 2015, security researcher Chris Vickery used the search engine Shodan to find MongoDB servers with open ports. At the time, he was able to find poorly configured MongoDB databases using a utility from Kromtech, the developer of Mac OS X’s MacKeeper suite.
Vickery’s research was followed by John Matherly, founder of the Shodan project, who in December 2015 reported finding at least 35,000 publicly accessible MongoDB instances online that did not require authentication. Exactly one year later, in January 2017, the number of public MongoDB databases not only had not decreased, but had apparently increased significantly, perhaps to 99,000 by some estimates.
To address MongoDB security risks, database administrators should follow the checklist of security measures described on the official MongoDB documentation site. The very first item on that checklist is: “Ensure access control and enable authentication.”
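As an added illustration (not code from the article or from MongoDB's documentation), the following Python sketch audits a `mongod.conf` for the first checklist item and also flags a bind address that makes the instance publicly reachable, which goes one step beyond the item quoted above. The sample configs are constructed, and the function names `parse_simple_yaml` and `audit` are hypothetical.

```python
# Constructed sample configs (not from the article).
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

def parse_simple_yaml(text):
    """Flatten nested 'key: value' mappings into dotted keys (no lists or anchors)."""
    flat, stack = {}, []  # stack holds (indent, key) for each open parent mapping
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing inline comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # close mappings we have left
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("\"'")
        if value:
            flat[path] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def audit(text):
    """Return a list of findings for a mongod.conf given as text."""
    cfg = parse_simple_yaml(text)
    findings = []
    # Access control is off unless security.authorization is set to "enabled".
    if cfg.get("security.authorization", "disabled") != "enabled":
        findings.append("authorization not enabled: clients need no credentials")
    # Assumption: a missing bindIp is treated as localhost (MongoDB 3.6+ default).
    binds = [b.strip() for b in cfg.get("net.bindIp", "127.0.0.1").split(",")]
    if cfg.get("net.bindIpAll") == "true" or any(b in ("0.0.0.0", "::") for b in binds):
        findings.append("listening on all interfaces: reachable from any network")
    return findings

if __name__ == "__main__":
    print(audit(EXPOSED), audit(HARDENED))
```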
Security researchers we contacted are not surprised that MongoDB has become a target for ransomware attackers.
“Given MongoDB’s popularity and use in production environments, it’s no surprise that the open-source database has come under attack,” said Zohar Eilon, co-founder and CEO of Dome9. “Too often, poor configuration and poor deployment practices create vulnerabilities that attackers can exploit.” He added that user errors coupled with poor security practices continue to compromise workloads running in cloud environments. He suggested that users educate themselves on best practices and known vulnerabilities before using third-party software like open-source databases.
“It’s interesting that most users think that databases are protected because they’re behind firewalls inside data centers,” said RiskVision’s chief technology officer, Jean-François Dubé. “The problem is that attackers can also penetrate servers holding information through users’ endpoints or third-party connections.” He recommends constantly assessing any database for risk: “Organizations that monitor their databases in near real time with risk assessment tools are better able to see what’s happening when unencrypted information leaves the database.”